Analyzing a PCAP file during a forensic investigation or incident response takes a long time. Decap helps by running an initial scan of the PCAP file so you know where to look first.
:ledger: Feature
Get the security reputation of each IP address.
Get the security reputation of each URL.
Get MAC addresses and their vendor names.
Check for the presence of suspicious network ports.
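To show what a first-pass scan of this kind does under the hood, here is an added example that is not Decap's own code: a standard-library Python parser for classic libpcap files that pulls out IP addresses, MAC addresses and TCP/UDP ports and flags any port on a watch list. Everything in it is constructed for illustration: the sample packets, the watch-list ports and the function names (build_pcap, parse_pcap, triage) are assumptions, not part of Decap. The online reputation lookups (which Decap does through OTXv2) and the MAC-vendor lookup (which needs an OUI table) are left out so the block runs offline; Decap itself parses with scapy, which this block deliberately avoids so it runs without extra modules.

```python
"""Offline PCAP triage: IPs, MACs, ports and watch-list hits from a libpcap file.
Added example (not Decap's code); uses only the standard library."""
import struct
import sys
from collections import Counter

# Watch list of ports worth a closer look. Constructed for this example,
# not Decap's list; the notes describe why a defender would flag them.
SUSPICIOUS_PORTS = {
    23: "Telnet (cleartext remote administration)",
    4444: "frequent default port in remote-shell tooling",
    6667: "IRC, historically used for botnet command and control",
}

# Magic number as read little-endian -> byte order to use for the rest of the file.
PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_pcap(data):
    """Yield (src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport) for each
    Ethernet/IPv4 TCP or UDP packet; anything else is skipped."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGIC:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    endian = PCAP_MAGIC[magic]
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # 1 = DLT_EN10MB (Ethernet)
        raise ValueError(f"unsupported link type {linktype}")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        proto = frame[23]             # IPv4 protocol field (6 = TCP, 17 = UDP)
        l4 = frame[14 + ihl:]
        if proto not in (6, 17) or len(l4) < 4:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        yield (_mac(frame[6:12]), _mac(frame[0:6]), _ip(frame[26:30]),
               _ip(frame[30:34]), "tcp" if proto == 6 else "udp", sport, dport)


def triage(data):
    """Summarise a capture the way an initial scan would: talkers, hardware
    addresses, destination ports, and any flow touching a watch-listed port."""
    ips, macs, ports, hits = Counter(), set(), Counter(), []
    for smac, dmac, sip, dip, proto, sport, dport in parse_pcap(data):
        ips[sip] += 1
        ips[dip] += 1
        macs.update((smac, dmac))
        ports[(proto, dport)] += 1
        for p in (sport, dport):
            if p in SUSPICIOUS_PORTS:
                hits.append((sip, dip, proto, p, SUSPICIOUS_PORTS[p]))
    return {"ips": ips, "macs": sorted(macs), "ports": ports, "suspicious": hits}


def build_pcap(flows):
    """Write a minimal little-endian libpcap file with Ethernet/IPv4 headers and
    an empty TCP/UDP segment per flow. Constructed input for the example."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for smac, dmac, sip, dip, proto, sport, dport in flows:
        eth = (bytes.fromhex(dmac.replace(":", "")) +
               bytes.fromhex(smac.replace(":", "")) + b"\x08\x00")
        l4 = struct.pack("!HH", sport, dport)
        l4 += b"\x00" * 16 if proto == "tcp" else b"\x00\x08\x00\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         6 if proto == "tcp" else 17, 0,
                         bytes(int(x) for x in sip.split(".")),
                         bytes(int(x) for x in dip.split(".")))
        frame = eth + ip + l4
        out.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample traffic: one host talking HTTPS, DNS, and to port 4444.
SAMPLE_FLOWS = [
    ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "203.0.113.9", "tcp", 51000, 443),
    ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "198.51.100.7", "tcp", 51001, 4444),
    ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "192.0.2.53", "udp", 51002, 53),
]

if __name__ == "__main__":
    # Pass a real .pcap path as the first argument, otherwise scan the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pcap(SAMPLE_FLOWS)
    report = triage(data)
    print("Top talkers:", report["ips"].most_common(3))
    print("MAC addresses seen:", report["macs"])
    for sip, dip, proto, port, why in report["suspicious"]:
        print(f"[!] {sip} -> {dip} {proto}/{port}: {why}")
```

Run it with no arguments to scan the embedded sample, or with a .pcap path to scan a real capture (classic libpcap only; pcapng files are rejected). The IP and MAC addresses in the report are the values Decap would then send to reputation and vendor lookups.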
:beginner: Requirements
Decap requires an Internet connection.
Decap is built with PowerShell and Python. If you are using Decap for the first time, install the required Python modules by running the commands below:
    pip install scapy
    pip install OTXv2
:black_square_button: How to Run
Open the Command Prompt (cmd.exe) and change into the Decap folder. For example, if your Decap folder is 'E:\Downloads\decap-main', run:
    cd E:\Downloads\decap-main
Now run Decap with the command below:
    powershell -File decap.ps1 file.pcap
Replace file.pcap with the location of your PCAP file. For example, to scan 'E:\Packets\file.pcap', run:
    powershell -File decap.ps1 E:\Packets\file.pcap
:toolbox: Don't have PCAP file?
You can download PCAP files of malware-infected network traffic from Malware Traffic Analysis. The password for the ZIP files is 'infected'.